使用FITER技术拦截非法请求
WEB项目中如何实现禁止下载文件(一)
中我仅仅是设置方法拦截并判断请求
在这里将使用FITER拦截请求
jsp:
<object type="application/x-shockwave-flash" data="<%=basePath %>video/flv/vcastr3.swf" width="555" height="430" id="vcastr3" tabindex="0">
<param name="movie" value="<%=basePath %>video/flv/vcastr3.swf" />
<param name="allowFullScreen" value="true" />
<param name="FlashVars" value="xml=<vcastr>
<plugIns>
<javaScriptPlugIn>
<url><%=basePath %>video/flv/javaScriptPlugIn.swf</url>
</javaScriptPlugIn>
</plugIns>
<channel>
<item>
<source>1.flv</source>
<title>${video.videoName }</title>
</item>
</channel>
</vcastr>"/>
</object>
web.xml中:
<filter>
<filter-name>FlvFilter</filter-name>
<filter-class>com.filter.FlvFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>FlvFilter</filter-name>
<url-pattern>*.flv</url-pattern>
</filter-mapping>
同样这种方法只能这针对某种资源
com.filter.FlvFilter中
package com.filter;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class FlvFilter implements Filter {
public void destroy() {
}
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest)servletRequest;
HttpServletResponse response = (HttpServletResponse)servletResponse;
//判断是否则允许观看视频
User user= (Admin)request.getSession().getAttribute("user");
if(user== null )
return;//return 就是中断本次请求
@SuppressWarnings("unused")
HttpSession session = request.getSession(false);
//加入filter链继续向下执行
filterChain.doFilter(request, response);
}
public void init(FilterConfig filterConfig) throws ServletException {
}
}
效果:
迅雷新建任务只能下载到0B的东西